/*
 * Demoiselle Framework
 * Copyright (C) 2011 SERPRO
 * ----------------------------------------------------------------------------
 * This file is part of Demoiselle Framework.
 * 
 * Demoiselle Framework is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License version 2
 * as published by the Free Software Foundation.
 * 
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 * 
 * You should have received a copy of the GNU General Public License
 * along with this program; if not,  see <http://www.gnu.org/licenses/>
 * or write to the Free Software Foundation, Inc., 51 Franklin Street,
 * Fifth Floor, Boston, MA  02110-1301, USA.
 * ----------------------------------------------------------------------------
 * Este arquivo é parte do Framework Demoiselle.
 * 
 * O Framework Demoiselle é um software livre; você pode redistribuí-lo e/ou
 * modificá-lo dentro dos termos da Licença Pública Geral GNU como publicada pela Fundação
 * do Software Livre (FSF); na versão 2 da Licença.
 * 
 * Este programa é distribuído na esperança que possa ser útil, mas SEM NENHUMA
 * GARANTIA; sem uma garantia implícita de ADEQUAÇÃO a qualquer MERCADO ou
 * APLICAÇÃO EM PARTICULAR. Veja a Licença Pública Geral GNU/GPL em português
 * para maiores detalhes.
 * 
 * Você deve ter recebido uma cópia da Licença Pública Geral GNU, sob o título
 * "LICENCA.txt", junto com esse programa. Se não, acesse o Portal do Software Público
 * Brasileiro no endereço www.softwarepublico.gov.br ou escreva para a Fundação do Software
 * Livre (FSF) Inc., 51 Franklin St, Fifth Floor, Boston, MA 02111-1301, USA.
 
 * @author Tarcizio Vieira Neto (tarcizio.vieira@owasp.org) <a href="http://www.serpro.gov.br">SERPRO</a>
 * @created 2011
 */
package br.gov.frameworkdemoiselle.security;

import java.util.ArrayList;
import java.util.Collections;
import java.util.Hashtable;
import java.util.Iterator;
import java.util.Random;
import java.util.Set;

import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

import org.owasp.appsensor.DateUtils;

import br.gov.frameworkdemoiselle.security.authentication.BasicUser;


public class UserManager {

	// Hashtable of username to user object
	public static Hashtable<String, BasicUser> userStorage = new Hashtable<String, BasicUser>();

	// Hashtable of userID to username
	public static Hashtable<Integer, String> idUserMap = new Hashtable<Integer, String>();

	// HashTable of userID to Profile text
	public static Hashtable<Integer, String> idProfileMap = new Hashtable<Integer, String>();

	// HashTable of userID to Status text
	public static Hashtable<Integer, String> idStatusMap = new Hashtable<Integer, String>();

	public static String getNameFromID(int ID) {
		return idUserMap.get(ID);
	}

	public static int getTotalUsers() {
		return userStorage.size();
	}

	public static String getLoggedInUser(HttpServletRequest request) {
		HttpSession session = request.getSession(false);
		int ownerID = 0;
		if (session != null) {
			if (session.getAttribute("userID") != null) {
				ownerID = Integer.parseInt(session.getAttribute("userID").toString());
			}
		}
		return getNameFromID(ownerID);
	}

	public static BasicUser getLoggedInUserObject(HttpServletRequest request) {
		int ownerID = getLoggedInUserID(request);
		if (ownerID != -1) {
			return getUserObjectfromID(ownerID);
		} else {
			return null;
		}

	}

	public static int getLoggedInUserID(HttpServletRequest request) {
		HttpSession session = request.getSession(false);
		// int ownerID=Integer.parseInt(session.getAttribute("userID").toString());
		int ownerID = -1;
		if (session != null) {
			if (session.getAttribute("userID") != null) {
				ownerID = Integer.parseInt(session.getAttribute("userID").toString());
			}
		}
		return ownerID;
	}

	public static BasicUser getUserObjectfromID(int ID) throws NullPointerException {
		String tempname;
		BasicUser u = null;
		if (idUserMap.containsKey(ID)) {
			tempname = idUserMap.get(ID);
			if (userStorage.containsKey(tempname)) {
				u = userStorage.get(tempname);
				return u;
			}
		}
		return null;
		// TODO: add attack detection here
		// throw new NullPointerException(); //Invalid ID submitted let calling class handle this.
	}

	public static BasicUser getUserObjectfromName(String name) {
		@SuppressWarnings("unused")
		Hashtable<String, BasicUser> userStorage2 = userStorage;
		if (userStorage.containsKey(name)) {
			return userStorage.get(name);
		}
		return null;
	}
	
	public static boolean isSessionValid(HttpServletRequest request) {
		HttpSession session = request.getSession(false);
		BasicUser user = UserManager.getLoggedInUserObject(request);
		if (session != null && user != null) {

			boolean sessionValid = request.isRequestedSessionIdValid();
			return sessionValid;
		}
		return false;
	}
}
